Conspiracies and incompetance

By | | , ,
Comments Off on Conspiracies and incompetance

Coincidences are wonderful things and I regularly give thanks to the fickle whims of serendipity . So this morning as work required me to be awake at a time I consider far too early for an Easter Saturday, I was presented with three unconnected articles which wonderfully answered a question I’ve often asked myself.

Why aren’t deniable/false flag activities more common?

After all for tarnishing reputations or spreading a bit of dirt they should be the easiest things in the world to carry out, a few trouble makers at a demo and the media can dismiss the entire thing. Free throw away websites or journals and anything can be made public. It really shouldn’t tax anyone’s brains too much.

So it seems that according to an updated journal on the New York Times, that “agent provocateurs” were indeed in play at the G20 protests until challenged at which point they appear to have readily revealed themselves. Following on from this there is the developing story concerning Iain Dale and Guido Fawkes regarding a deniable website that the powers that be “considered” setting up to do their dirty work. What both these stories show is that whilst such activities should be simple they remain beyond the competence of at least part of our current regime. The G20 incident due to the official mendicant having more ID on them than even a normally cautious protester, and cutting and running far too quickly and for the website story it’s yet more proof that groups of people (especially in government) can’t keep secrets and that they still haven’t learnt about the dangers of paper trails.

So the answer to my question is that out with specialist groups that make such matters their business, there simply isn’t the competence to carry out such simple tasks (something all the failed IT projects in Government should have tipped me off about really). This lack of competence is also why there probably isn’t a conspiracy. Which is quite cheering really.

Some what unrelated: From comments on Guido’s journal by Joe Gormley’s Grandson I’m now aware of http://www.newssniffer.co.uk/ which lets you track how news stories change on line over time within the same article.

-1

Chicken Little rules the roost

By | | , , , ,
Comments Off on Chicken Little rules the roost

I’ve been reading a lot of posts regarding how ISPs will be logging every web site we visit and all of our e-mail based on an eu directive that came in to force today. I’ve also read the UK legislation and the EU directive and as far as I can make out it’s all bollox! No really it is.

The only source for the belief that ISPs will be logging web pages I can find is an article in the telegraph it isn’t in either bit of legislation. Well not unless it’s been very sneakily snuck in, in something that’s not yet online and that no one has referenced. In fact nothing that isn’t already logged will be logged, what has changed it how long the logs are kept for.

Your ISP already logs when you connect to them and what IP address they give you, if you use their mail servers they log who you send mail to and from. This is routine and is currently thrown away after a month normally never looked at unless there’s a problem. I used to look at it a lot when I worked on the abuse desk of a large well known UK ISP, and the bit they’re logging half of it’s easily forged in an way undetectable from those logs. I am quite prepared to accept this is the thin end of the wedge, but at the moment the blogosphere (gods I hate that phrase) is raging against phantoms of it’s own imagining.

There is a circumstance where ISPs might log the web sites you go to, if they force you through a proxy server, or if you choose to use a proxy server. This is however very easy to detect.
1) Go to http://find-my-ip-address.net/ make a note of what it says your IP address is.
2) Check what your IP address is on your computer if they don’t match you’re going through a proxy server. Or you have an ADSL router which is giving you a private ip address.
(Private IP addresses start 192.168., 172.16 or 10. )

If you’re running windows you can find out your IP address by opening a cmd prompt and typing ipconfig look for the lines saying
IP Address. . . .

So your web browsing habits are safe, and you can make your email safe by using an email provider in a more friendly location. Or run your own get together with some mates, bribe a geek with beer and pay 10 quid a month for a virtual server you have complete control over.

There is a lot you can do easily to reduce what they can see, but at present your web access isn’t an issue. I’d be more worried about the retention of cell phone data including call location especially in light of events at the G20 summit (“We know you called X who was outside the bank of England whilst you were at the climate camp at 11:30, now why was that?”).
For the thicker end of the wedge take a look at:
Obama’s Surveillance State Targets PCs, Laptops and Media Devices and Should Obama Control the Internet?

For the record apart from working for a few years at an ISP, I’ve also worked with most of the large UK celco’s and currently run mail for over 60 domains on my own servers, amongst a few other things.

Update Sorry the independent is also reporting that Personal web data to be stored for a year, but again only in headline and paragraph one not in the details.

0

Data retention starts today

By | | , , , , ,
Comments Off on Data retention starts today

For those of you that may not have been paying attention the EU directive on data retention comes into force today. This means that from today your ISP will be required by law (The Data Retention (EC Directive) Regulations 2009) to retain data regarding your use of “internet access, internet e-mail or internet telephony” for a year and make it available to the government on request. Technically the regulations use the wonderfully imprecise phrase:

(a) in specific cases, and
(b) in circumstances in which disclosure of the data is permitted or required by law.

so I think on request is probably a fair interpretation.

Ignoring the much simpler aspects regarding telephone calls where all telephone companies must record, who you called, when and for how long as well as in the case of mobile providers your location at the time. From the internet side of things they’ll be recording:

  • your IP address
  • Access time and duration of access (This to my mind shows up pre-broadband thinking, the longer your connection is online the less useful this data).
  • Who you’ve sent email to and when
  • Who you called via internet telephony (skype etc.) and how (Unless they snoop all your traffic which isn’t required I suspect this one applies to the internet telephony provider rather than your ISP

Of course this only applies to “public communications provider” run your own servers in conjunction with some friends and then you won’t be logged, use email providers outside of the EU and you won’t be logged (well not under this law at least). If you have a broadband connection log of as little as possible to reduce the utility of the logs and don’t use your ISP for email, as at the very least you can make it harder for them to join the dots. Also of course it’s worth noting that the original directive states
This Directive relates only to data generated or processed as a consequence of a communication or a communication service
so if you use services configured not to generate logs then nothing has to be kept.

Before we blame the EU however it’s worth remembering that it was our Government that asked them to create this rule see this Telegraph article for more background. Though the directive doesn’t contrary to that article seem to actually require that they record the websites you visit. The good news is that the ISPs and Telco’s shouldn’t put up their prices because of this, the bad news is that’s because the government our using our taxes to pay them to spy on us.

Further note despite what Anna Raccoon says and the Various comments (Same article posted to two locations), there doesn’t seem to be any requirement for usage of websites to be logged, it does seem to be “only” VOIP, email and connection to the internet that is to be logged. However if you fancy some spook baiting even though it’s probably not needed or useful then the Landed underclass has some good tips. Some Tory Lords at least are concerned about how this came into effect and where it’s going.

Will update this with further commentary as I stumble upon it, and will correct my interpretation of what is to be logged if I find an explanation of why my interpretation is wrong.

Update Further commentary:
A rather poor interpretation and udnerstanding of the directive from Himmelgarten cafe (hat tip: Charlotte Gore

Update 2
In response to the article from Himmelgarten cafe linked to above it occurred to me that it might be of interest to show people what the logs being retained typically show:

2009-04-06 17:46:02 Message-id <= sendinguser@address H=sending-hostname P=esmtp S=3115
2009-04-06 17:46:02 Message-id => <receiving-user@address> R=userforward T=address_file
2009-04-06 17:46:02 Message-id Completed

The interesting bits are the time stamps and the bits in blue, the bit in red is very trivial to forge. Also when he states that “No help is being offered on paying for the additional storage space.” that would appear to be at odds with what is stated in the directive, but for small email providers it isn’t a huge burden if you only consider the disk space and not back up facilities as each message only takes in the region of 0.5 kb to log.

-1